The credit card or debit card, a powerful 2 2/8" by 3 3/8" piece of plastic, is the "go to" purchasing method and has helped fuel a robust economy and increased merchandise sales.
These convenient 1/4" thick financial lifeline cards can be easily removed from one's wallet or purse and inserted into a designated slot, or simply swiped through the card machine using the magnetic strip on the back. Consequently, the customer does not need to fumble for cash and coin, nor do they need to write out a check.
However, the ease and convenience stop there. There is so much more that is required before and after the display flashes "approved."
Consider these credit card statistics:
- The average adult consumer in the United States of America carries 3.7 credit cards
- Some estimates conclude that there are 26.2 billion transactions made with credit cards and/or debit cards per year
- Consequently, there are 71,232,876 million credit card or debit card transactions per day
- The average value of a credit card or debit card transaction is $94
Therefore, it is a "no-brainer" assumption that merchants or business owners want to offer their customers the convenience of using credit or debit cards. However, offering that convenience should come with the added commitment to provide and implement security measures that protect customers' personal information.
1) One of the precautions that the vendor can implement is to bring their credit sales transactions into EMV compliance. EMV first stood for Europay, Mastercard and Visa. Now, this global security measure brings an added layer of security beyond the magnetic strip because of cryptographic processing. This security measure protects the consumer's data from being stolen by identity thieves and those wishing to use the card information fraudulently.
Consequently, with this transition to "chipped" card purchases, it is important for the vendor to migrate to chip-enhanced credit card machines. This investment will provide an additional and meaningful layer of security for the benefit of the consumer as well as the business owner, maintaining the integrity of the credit card transaction and trust with the consumer.
2) The second major precaution that should be implemented to ensure the integrity and safety of credit card transactions is to be PCI compliant. PCI is an acronym that stands for Payment Card Industry and is a compilation of Data Security Standards devised to maintain the protection of the consumer's identity and their personal account. This system provides a framework to the vendor on how to process and secure stored card information.
This added layer of gathering and protecting consumer information was born out of the major security breaches that occurred within the various credit payment systems at a variety of businesses. The end purpose of developing these lines of defense was to not only prevent further compromises, but to instantly detect possible breaches to the credit system and react in real time.
Added to the need to implement such protective measures are the consequences faced by vendors and retailers who do not comply with these measures designed to maintain the integrity of the credit purchasing system. One of the most significant means of ensuring compliance is the possibility of significant fines imposed on the non-compliant retailer by such credit companies as Visa and MasterCard.
3) Another significant precaution that can be taken to ensure that card usage and information gathered is properly maintained and secured for the consumer is the option of not storing sensitive consumer information on the company's servers. This compelling company policy can be accomplished through a process known as tokenization.
Tokenization, as the name implies, only uses a token amount of information to complete the purchase transaction. Generally, that token amount of information includes codes that reflect the purchase authorization and IDs that correspond with the transaction. The sensitive information is replaced with randomly generated characters that are chained together. These characters correspond back to the original data and can only be accessed by an authorized user.
The beauty of this way of conducting card purchases is that none of the customer's personal and sensitive information is stored. This decreases the possibility of nefarious individuals gathering that information and compromising a customer's account. This is a significant plus for both the consumer and vendor as it underscores the commitment and value placed on the consumer's privacy. Tokenization is a security measure that aids the vendor in being compliant with PCI standards.
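An added example, not part of the original article: a small in-memory token vault in Python showing the flow described above, where the merchant's record holds only a random token plus the authorization and transaction IDs, and the card number can be recovered only by a caller presenting the vault's key. The class and function names, the `tok_` prefix, the key-based authorization check and the test card number are assumptions made for illustration.

```python
import hmac
import secrets


class TokenVault:
    """Hypothetical stand-in for a payment processor's tokenization service."""

    def __init__(self, service_key: bytes):
        self._service_key = service_key  # held only by the authorized caller
        self._pan_by_token = {}          # the only place the card number lives
        self._token_by_pan = {}          # lets a repeat card reuse its token

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        token = "tok_" + secrets.token_hex(12)  # random, not derived from the PAN
        while token in self._pan_by_token:      # regenerate on the rare collision
            token = "tok_" + secrets.token_hex(12)
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str, presented_key: bytes) -> str:
        # Constant-time comparison so the check does not leak key bytes via timing.
        if not hmac.compare_digest(presented_key, self._service_key):
            raise PermissionError("caller is not authorized to detokenize")
        return self._pan_by_token[token]


def record_sale(vault: TokenVault, pan: str, auth_code: str, txn_id: str) -> dict:
    """Build the row the merchant keeps: token plus authorization/transaction IDs."""
    return {"token": vault.tokenize(pan), "auth_code": auth_code, "txn_id": txn_id}


def leaks_pan(record: dict, pan: str) -> bool:
    """True if any stored field contains the card number."""
    return any(pan in str(value) for value in record.values())


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    vault = TokenVault(key)
    test_pan = "4111111111111111"  # constructed test value, not a real account
    row = record_sale(vault, test_pan, "A1B2C3", "txn-0001")
    print(row, "leaks PAN:", leaks_pan(row, test_pan))
    print("authorized lookup:", vault.detokenize(row["token"], key))
```

In a real deployment the vault runs at the processor or in an isolated service, so a breach of the merchant's own database yields only tokens.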
4) Fourthly, to ensure that card processing is safeguarded, it is important to stay current regarding PCI compliance measures. Those measures are sometimes modified and changed based on new methods or actions implemented by hackers.
In conclusion, it is important to remember that adherence to the company's security protocol to protect customers and one's business may not be enough. The hacking methods that unscrupulous individuals use to gather credit card information are always being modified, and new attack methods are devised to penetrate the safeguards that are in place. Therefore, it is incumbent upon the vendor to maintain their vigilance.
As a 5th precaution, a number of miscellaneous actions that can layer the line of defense to secure credit card processing may include:
- Engaging a security consultant
- Contracting with a security officer
- Reading online publications posted by experts in the field
- Utilizing a quality monitoring and alert system
- Considering cloud storage
- Keeping abreast of current events
- Educating staff, since security is a team issue
Remember, small businesses are particularly vulnerable. Statistics reveal that over 40% of small businesses were victims of security breaches and therefore had their customers' data compromised. Sadly, only 30% of these small businesses had security software in place.
Added to the negative impact of these breaches is that the compromised situations went undetected for over 190 days and then, when discovered, an additional 69 days were required to contain the area of compromise. And, of course, there was a cost. That cost to the business, eventually passed down to the customer, was on average $148 per account, not to mention the "hit" to the company's reputation.